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DETAILED ACTION 

1 . This is in response to the communications filed on 12 June 2006. 

2. Claims 1-13 are pending in the application. 

3. Claims 1-13 have been rejected. 

Specification 

4. The abstract of the disclosure does not commence on a separate sheet in accordance with 37 
CFR 1.52(b)(4). A new abstract of the disclosure is required and must be presented on a separate 
sheet, apart from any other text. 

Drawings 

5. The drawings are objected to because the drawing contains the label "SUBSTITUTE 
SHEET". Corrected drawing sheets in compliance with 37 CFR 1 .121(d) are required in reply to 
the Office action to avoid abandonment of the application. Any amended replacement drawing 
sheet should include all of the figures appearing on the immediate prior version of the sheet, 
even if only one figure is being amended. The figure or figure number of an amended drawing 
should not be labeled as "amended." If a drawing figure is to be canceled, the appropriate figure 
must be removed from the replacement sheet, and where necessary, the remaining figures must 
be renumbered and appropriate changes made to the brief description of the several views of the 
drawings for consistency. Additional replacement sheets may be necessary to show the 
renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an 
application must be labeled in the top margin as either "Replacement Sheet" or "New Sheet" 
pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will 
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be notified and informed of any required corrective action in the next Office action. The 
objection to the drawings will not be held in abeyance. 

Information Disclosure Statement 

6. The examiner has considered the information disclosure statement (IDS) filed on 12 June 
2006. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published nuclei- Article 21(2) of such treaty in the Hnglish language. 

7. Claims 1, 4-6, 8-10 and 13 are rejected under 35 U.S.C. 102(e) as being anticipated by Marsh 
U.S. Patent No. 7,080,039 Bl. 

As to claim 1, Marsh discloses a device, comprising: 

a removable digital memory including a port at which digital information 
stored on the memory can be accessed (i.e. set-top box 242 provides received 
content 240 that satisfies the conditional access scheme to descrambling and 
encrypting module 222 via a coupling 244. Set-top box 242 scrambles the content 
it passes to module 222 in order to prevent a malicious user from tapping into the 
signal passed between box 242 and module 222 and inappropriately using the 
content. Coupling 244 can be any of a variety of communications mechanisms, 
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including both wired and wireless. In one implementation, coupling 244 is a USB 
(Universal Serial Bus) or IEEE 1394 connection) [column 7, lines 1 1-25]; 

a memory for storing first conditional access data and at least one content 
encryption key (i.e. Certificate 276 is a certificate that is digitally signed by a 
trusted licensing authority (also referred to as a certificate authority or certifying 
authority) testifying that the smart card 246 is authentic. Certificate 276 includes 
the public key of key pair 270, the public key of the licensing authority, and the 
above testimony, and is digitally signed by the licensing authority using the 
private key of the licensing authority. This digitally signed certificate allows 
module 222, knowing the public key of the licensing authority, to verify that the 
certificate that is presented by smart card 246 was indeed digitally signed by the 
licensing authority.) [column 9, lines 57-67]; 

a second port for receiving user certificate data and a first key of a key 
pair contained in an access card (i.e. System 220 is coupled to a smart card reader 
248 (e.g., via a standard connection such as a USB connection), allowing 
descrambling and encrypting module 222 to communicate with smart card reader 
248 via content protection controller module 238. Smart card 246 can be coupled 
to smart card reader 248 in a variety of different manners, including physical 
touching (e.g., electrical contacts of smart card reader 248 being placed in 
physical contact with electrical contacts of smart card 246) or without such 
physical contact (e.g., a wireless connection, such as infrared, radio frequency, 
etc.). Smart card 246 is an integrated circuit card (ICC) which is typically the size 
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of a standard credit card and which is capable of storing data and performing 
some processing. In one implementation, smart card 246 complies with the ISO 
7816 standard. Although discussed herein as a smart card, other types of portable 
integrated circuit (IC) devices can alternatively be used.) [column 8, lines 6-22]; 
and 

a processor responsive to the user certificate data received on the second 
port for authenticating the received certificate data based on the first conditional 
access data stored in the memory (i.e. receiving the certificate, module 222 
verifies that the licensing authority is itself trustworthy. Module 222 verifies that 
the licensing authority is trustworthy by establishing a "chain" of one or more 
certificates ranging from the licensing authority up to a root certificate. System 
220 maintains a root certificate for each licensing authority that system 220 trusts. 
Each root certificate is a self-signed certificate that is implicitly trusted by system 
220. Upon receipt of the smart card certificate 276, module 220 attempts to 
establish a chain of certificates from the certificate 276 up to one of the trusted 
root certificates. This chain may include one or more "intermediate" certificates. 
Each certificate in the chain will have a "parent" certificate that can 
cryptographically verify the authenticity of the certificate (e.g., by being digitally 
signed by the parent). Eventually, the chain leads back to a parent certificate that 
is one of the trusted root certificates. If such a certificate chain can be established 
by module 222, then the licensing authority is considered trustworthy. However, 
if such a certificate chain cannot be established, then the licensing authority is not 
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considered trustworthy and module 222 will not descramble and encrypt the 
media content.) [column 10, lines 22-43], the processor, upon the authentication, 
encrypting information stored in the removable digital memory using the at least 
one content encryption key, to thereby provide encrypted information in the 
removable digital memory, the processor operable for encrypting the content 
encryption key using the first encryption key received on the second port and 
outputting the encrypted content encryption key to enable access of the encrypted 
information stored on the removable digital memory by an external device (i.e. 
The media is encrypted based on smart card 246, thereby requiring smart card 246 
to be present in order to decrypt and render the stored content. This decryption 
and rendering can be performed by any system 220 to which smart card 246 is in 
communication (e.g., plugged into), such as the system 220 that recorded the 
content or a system 220 at a friend's house if smart card 246 is taken to the 
friend's house. Alternatively it can be a physically different smart card, but only if 
that smart card has the same household identifier stored (securely) inside.) 
[column 14, lines 15-25]. 
As to claim 4, Marsh discloses that the first key is a public key of a public/private key 

pair [column 9, lines 6-8]. 

As to claim 5, Marsh discloses that the access card is inserted into a slot of the device 

[column 8, lines 6-22]. 
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As to claim 6, Marsh discloses an access card for enabling secure accessing of digital 
information stored on a removable memory, the access card comprising: 

a memory having stored therein a first conditional access certificate and a 
second conditional access certificate (i.e. The certificate can be digitally signed by 
the licensing authority applying a conventional encryption algorithm along with 
its private key to the certificate to generate a digital signature. This digital 
signature is forwarded to module 222 along with the certificate. The recipient can 
decrypt the digital signature using the licensing authority's public key and 
compare the decrypted certificate to the received certificate. If the two certificates 
match, then the recipient is ensured that the licensing authority did in fact sign the 
certificate and that the certificate has not been altered since it was signed. 
Alternatively, rather than applying an encryption algorithm to the certificate itself, 
the digital signature may be generated by applying the encryption algorithm to a 
hash value generated based on the certificate and a known hash function. The 
digital signature can then be verified by module 222 applying the known hash 
function to the received certificate and comparing this generated hash value to the 
decrypted digital signature. If the two hash values match, then module 222 is 
ensured that the licensing authority did in fact sign the certificate and that the 
certificate has not been altered since it was signed.) [column 10, lines 1-21]; 

means for authenticating first and second conditional access certificates 
with respective first and second certificate data stored on respective destination 
and source devices [column 10, lines 1-21]; 
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the memory, following authentication of the card with a destination 
device, being updated to store a public key of a public/private key pair stored in 
the destination device [column 10, lines 52-61]; and 

a processor operable for, upon authentication of the card with a source 
device, controlling transmission of the public key to the source device, wherein, 
in response thereto, the memory being updated to store encrypted data comprising 
a first key encrypted using the public key, the first key also being used to encrypt 
information on the removable memory at the source device, whereby 
communication of the encrypted data to the destination device enables decryption 
of the data using the private key to recover the first key, to thereby decrypt 
encrypted information in the removable memory (i.e. The media is encrypted 
based on smart card 246, thereby requiring smart card 246 to be present in order 
to decrypt and render the stored content. This decryption and rendering can be 
performed by any system 220 to which smart card 246 is in communication (e.g., 
plugged into), such as the system 220 that recorded the content or a system 220 at 
a friend's house if smart card 246 is taken to the friend's house. Alternatively it 
can be a physically different smart card, but only if that smart card has the same 
household identifier stored (securely) inside.) [column 14, lines 15-25]. 
As to claim 8, Marsh discloses a digital information destination device comprising: 

a digital information input port (i.e. set-top box 242 provides received 
content 240 that satisfies the conditional access scheme to descrambling and 
encrypting module 222 via a coupling 244. Set-top box 242 scrambles the content 
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it passes to module 222 in order to prevent a malicious user from tapping into the 
signal passed between box 242 and module 222 and inappropriately using the 
content. Coupling 244 can be any of a variety of communications mechanisms, 
including both wired and wireless. In one implementation, coupling 244 is a USB 
(Universal Serial Bus) or IEEE 1394 connection) [column 7, lines 1 1-25]; 

a digital information decoder coupled to the digital information input port 
for decoding digital information encoded with a content encoding key, when the 
content encoding key is available, to thereby produce unencoded digital 
information (i.e. The encrypted content is also provided to MPEG decoder 
module 234. MPEG decoder module 234 decodes (e.g., decompresses) the 
encoded content (which is encoded in an MPEG format in the illustrated 
example). Module 234 decrypts the encrypted content prior to decoding the media 
content, and outputs the decoded content to content renderer module 236. Module 
234 can, after decoding the media content, optionally encrypt the decoded 
content. Whether module 234 encrypts the decoded content is dependent on 
whether a secure communication channel exists between modules 234 and 236. If 
there is a secure communication channel (e.g., the modules 234 and 236 are on 
the same expansion card within system 220, or are within the same display 
device), then encryption is not necessary. Content renderer module 236 renders 
the media content via rendering device 294. Although illustrated as a single 
decoder module 234 and a single renderer module 236, multiple such modules 
may be included (e.g., one for each type of media content, such as one for audio 
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content and one for video content). Additionally, multiple rendering devices may 
be included (e.g., one for visual content and another for audio content) [column 
12 line 65 to column 13 line 19]; 

memory preloaded with at least a second stored User Certificate and 
mutually corresponding private and public encryption keys associated with the 
destination device [figure 4]; 

a content encoding key decryptor for decrypting the content encoding key 
with a content encoding key encryption key [column 12 line 65 to column 13 line 
19]; 

an access card reader for reading an access card, where the access card 
includes authentication means and a memory which, prior to a first insertion in the 
destination device, includes at least a second Conditional Access Certificate and a 
first User Certificate and which, after the first insertion (i.e. receiving the 
certificate, module 222 verifies that the licensing authority is itself trustworthy. 
Module 222 verifies that the licensing authority is trustworthy by establishing a 
"chain" of one or more certificates ranging from the licensing authority up to a 
root certificate. System 220 maintains a root certificate for each licensing 
authority that system 220 trusts. Each root certificate is a self-signed certificate 
that is implicitly trusted by system 220. Upon receipt of the smart card certificate 
276, module 220 attempts to establish a chain of certificates from the certificate 
276 up to one of the trusted root certificates. This chain may include one or more 
"intermediate" certificates. Each certificate in the chain will have a "parent" 
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certificate that can cryptographically verify the authenticity of the certificate (e.g., 
by being digitally signed by the parent). Eventually, the chain leads back to a 
parent certificate that is one of the trusted root certificates. If such a certificate 
chain can be established by module 222, then the licensing authority is considered 
trustworthy. However, if such a certificate chain cannot be established, then the 
licensing authority is not considered trustworthy and module 222 will not 
descramble and encrypt the media content.) [column 10, lines 22-43], includes at 
least the public portion of the private and public encryption keys and which, prior 
to a subsequent insertion in the destination device, is inserted into a source device 
and updated to include a content encoding key encrypted with the key encryption 
key, whereby the destination device, following the subsequent insertion of the 
access card, has the key encryption key and can decrypt the content encoding key 
and, using the content encoding key, decode the digital information encoded with 
the content encoding key [column 12 line 65 to column 13 line 19]. 
As to claim 9, Marsh discloses a method for securely transferring information from a 
source device to an external device, the source device having a removable digital memory 
containing information accessible to the source device, the information contained in the digital 
memory intended to be protected from unauthorized access, the method comprising: 

receiving at the source device user certificate data from an access device 
and comparing the user certificate data with a first Conditional Access Certificate 
stored in memory of the source device for authenticating the certificate data (i.e. 
receiving the certificate, module 222 verifies that the licensing authority is itself 
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trustworthy. Module 222 verifies that the licensing authority is trustworthy by 
establishing a "chain" of one or more certificates ranging from the licensing 
authority up to a root certificate. System 220 maintains a root certificate for each 
licensing authority that system 220 trusts. Each root certificate is a self-signed 
certificate that is implicitly trusted by system 220. Upon receipt of the smart card 
certificate 276, module 220 attempts to establish a chain of certificates from the 
certificate 276 up to one of the trusted root certificates. This chain may include 
one or more "intermediate" certificates. Each certificate in the chain will have a 
"parent" certificate that can cryptographically verify the authenticity of the 
certificate (e.g., by being digitally signed by the parent). Eventually, the chain 
leads back to a parent certificate that is one of the trusted root certificates. If such 
a certificate chain can be established by module 222, then the licensing authority 
is considered trustworthy. However, if such a certificate chain cannot be 
established, then the licensing authority is not considered trustworthy and module 
222 will not descramble and encrypt the media content.) [column 10, lines 22-43]; 

accessing the information stored in the removable digital memory and 
encrypting the information stored in the removable digital memory using at least 
one content encryption key stored in the source device, upon authentication of the 
certificate data (i.e. The media is encrypted based on smart card 246, thereby 
requiring smart card 246 to be present in order to decrypt and render the stored 
content. This decryption and rendering can be performed by any system 220 to 
which smart card 246 is in communication (e.g., plugged into), such as the system 
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220 that recorded the content or a system 220 at a friend's house if smart card 246 
is taken to the friend's house. Alternatively it can be a physically different smart 
card, but only if that smart card has the same household identifier stored 
(securely) inside.) [column 14, lines 15-25]; 

receiving at the source device a public key from the access device and 
encrypting the at least one content encryption key using the public key [column 
14, lines 15-25]; and 

transmitting the encrypted content encryption key to enable access of the 
encrypted information stored on the removable digital memory by an external 
device communicable with the access device [column 14, lines 15-25]. 
As to claim 10, Marsh discloses a method for securely porting digital information from a 
source device to a destination device comprising: 

providing a source device having a removable digital memory and 
including a first Conditional Access Certificate (i.e. set-top box 242 provides 
received content 240 that satisfies the conditional access scheme to descrambling 
and encrypting module 222 via a coupling 244. Set-top box 242 scrambles the 
content it passes to module 222 in order to prevent a malicious user from tapping 
into the signal passed between box 242 and module 222 and inappropriately using 
the content. Coupling 244 can be any of a variety of communications 
mechanisms, including both wired and wireless. In one implementation, coupling 
244 is a USB (Universal Serial Bus) or IEEE 1394 connection) [column 7, lines 
11-25]; 
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providing a destination device having a second stored User Certificate and 
also including mutually corresponding private and public encryption keys 
associated with the destination device (i.e. Certificate 276 is a certificate that is 
digitally signed by a trusted licensing authority (also referred to as a certificate 
authority or certifying authority) testifying that the smart card 246 is authentic. 
Certificate 276 includes the public key of key pair 270, the public key of the 
licensing authority, and the above testimony, and is digitally signed by the 
licensing authority using the private key of the licensing authority. This digitally 
signed certificate allows module 222, knowing the public key of the licensing 
authority, to verify that the certificate that is presented by smart card 246 was 
indeed digitally signed by the licensing authority.) [column 9, lines 57-67]; 

providing an access card capable of use with both the source device and 
the destination device, the access card including a second Conditional Access 
Certificate and a first User Certificate stored therein (i.e. receiving the certificate, 
module 222 verifies that the licensing authority is itself trustworthy. Module 222 
verifies that the licensing authority is trustworthy by establishing a "chain" of one 
or more certificates ranging from the licensing authority up to a root certificate. 
System 220 maintains a root certificate for each licensing authority that system 
220 trusts. Each root certificate is a self-signed certificate that is implicitly trusted 
by system 220. Upon receipt of the smart card certificate 276, module 220 
attempts to establish a chain of certificates from the certificate 276 up to one of 
the trusted root certificates. This chain may include one or more "intermediate" 



Application/Control Number: 10/582,676 Page 15 

Art Unit: 2131 

certificates. Each certificate in the chain will have a "parent" certificate that can 
cryptographically verify the authenticity of the certificate (e.g., by being digitally 
signed by the parent). Eventually, the chain leads back to a parent certificate that 
is one of the trusted root certificates. If such a certificate chain can be established 
by module 222, then the licensing authority is considered trustworthy. However, 
if such a certificate chain cannot be established, then the licensing authority is not 
considered trustworthy and module 222 will not descramble and encrypt the 
media content.) [column 10, lines 22-43]; 

placing the access card in the access card port of the destination device a 
first time; after the placing of the access card in the destination device a first 
time, accessing the second User Certificate certificate from the destination device, 
and, within the access card, authenticating the second User Certificate from the 
destination device with the second Conditional Access Certificate to determine if 
the public encryption key should be read from the destination device and stored in 
the access card; [column 10, lines 22-43] 

if the public encryption key of the destination device should be written to 
the access card, writing the public encryption key from the destination device to 
the access card [column 10, lines 22-43]; 

removing the access card from the destination device after the writing of 
the public encryption key [column 10, lines 22-43]; 
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inserting the access card into the source device, and authenticating the first 
User Certificate with the first Conditional Access Certificate to determine if the 
access card is valid; 

if the access card is deemed to be valid by the source device, copying the 
public encryption key from the access card to the source device (i.e. The media is 
encrypted based on smart card 246, thereby requiring smart card 246 to be present 
in order to decrypt and render the stored content. This decryption and rendering 
can be performed by any system 220 to which smart card 246 is in 
communication (e.g., plugged into), such as the system 220 that recorded the 
content or a system 220 at a friend's house if smart card 246 is taken to the 
friend's house. Alternatively it can be a physically different smart card, but only if 
that smart card has the same household identifier stored (securely) inside.) 
[column 14, lines 15-25]; 

at the source device, encrypting at least some of the digital information in 
the digital memory using at least one content encryption key to produce encrypted 
information, using the public encryption key from the destination device to 
encrypt the content encryption key to thereby generate at least one encrypted 
content encryption key, and storing the at least one encrypted content encryption 
key in the access card [column 14, lines 15-25]; 

connecting the port of the digital memory to the digital information port of 
the destination device [column 12 line 65 to column 13 line 19]; 
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placing the access card in the access card port of the destination device a 
second time [column 12 line 65 to column 13 line 19]; 

after the step of placing the access card in the access card port of the 
destination device a second time, copying the at least one encrypted content 
encryption key from the access card to the destination device, and decrypting the 
encrypted content encryption key using the private key information (i.e. The 
encrypted content is also provided to MPEG decoder module 234. MPEG decoder 
module 234 decodes (e.g., decompresses) the encoded content (which is encoded 
in an MPEG format in the illustrated example). Module 234 decrypts the 
encrypted content prior to decoding the media content, and outputs the decoded 
content to content renderer module 236. Module 234 can, after decoding the 
media content, optionally encrypt the decoded content. Whether module 234 
encrypts the decoded content is dependent on whether a secure communication 
channel exists between modules 234 and 236. If there is a secure communication 
channel (e.g., the modules 234 and 236 are on the same expansion card within 
system 220, or are within the same display device), then encryption is not 
necessary. Content renderer module 236 renders the media content via rendering 
device 294. Although illustrated as a single decoder module 234 and a single 
renderer module 236, multiple such modules may be included (e.g., one for each 
type of media content, such as one for audio content and one for video content). 
Additionally, multiple rendering devices may be included (e.g., one for visual 
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content and another for audio content) [column 12 line 65 to column 13 line 19]; 
and 

at the destination device, receiving the encrypted information from the 
digital memory, and using the content encryption key to decrypt the encrypted 
information [column 12 line 65 to column 13 line 19]. 
As to claim 13, Marsh discloses an access card, the access card comprising: 

a memory having at various times at least first, second, and third states 
(i.e. set-top box 242 provides received content 240 that satisfies the conditional 
access scheme to dcscrambling and encrypting module 222 via a coupling 244. 
Set-top box 242 scrambles the content it passes to module 222 in order to prevent 
a malicious user from tapping into the signal passed between box 242 and module 
222 and inappropriately using the content. Coupling 244 can be any of a variety 
of communications mechanisms, including both wired and wireless. In one 
implementation, coupling 244 is a USB (Universal Serial Bus) or IEEE 1394 
connection) [column 7, lines 1 1-25]; 

authenticating means; 

the memory comprising, in the first state, a second Conditional Access 
Certificate and a first User Certificate stored therein (i.e. receiving the certificate, 
module 222 verifies that the licensing authority is itself trustworthy. Module 222 
verifies that the licensing authority is trustworthy by establishing a "chain" of one 
or more certificates ranging from the licensing authority up to a root certificate. 
System 220 maintains a root certificate for each licensing authority that system 
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220 trusts. Each root certificate is a self- signed certificate that is implicitly trusted 
by system 220. Upon receipt of the smart card certificate 276, module 220 
attempts to establish a chain of certificates from the certificate 276 up to one of 
the trusted root certificates. This chain may include one or more "intermediate" 
certificates. Each certificate in the chain will have a "parent" certificate that can 
cryptographically verify the authenticity of the certificate (e.g., by being digitally 
signed by the parent). Eventually, the chain leads back to a parent certificate that 
is one of the trusted root certificates. If such a certificate chain can be established 
by module 222, then the licensing authority is considered trustworthy. However, 
if such a certificate chain cannot be established, then the licensing authority is not 
considered trustworthy and module 222 will not descramble and encrypt the 
media content.) [column 10, lines 22-43]; 

the memory, in the second state, following a first insertion of the card and 
first authentication, where the first insertion of the card is into an access card port 
of a digital information destination device including digital information port 
which is capable of receiving the digital information, a second stored User 
Certificate and mutually corresponding private and public encryption keys 
associated with the destination device, and the first authentication is performed by 
the authenticating means authenticating the second User Certificate from the 
destination device with the second Conditional Access Certificate, comprising the 
public encryption key from the destination device [column 10, lines 22-43]; 
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the memory, in the third state, following a second insertion of the card and 
second authentication, where the second insertion of the card is into an access 
card port of a digital information source device including a removable digital 
memory containing digital information and a further memory containing a first 
Conditional Access Certificate and at least one content encryption key, and also 
following authentication of the first User Certificate stored in the memory of the 
access card with the first Conditional Access Certificate stored in the source 
device to establish validity of the access card to the source device, comprising the 
at least one content encryption key encrypted with the public encryption key (i.e. 
The media is encrypted based on smart card 246, thereby requiring smart card 246 
to be present in order to decrypt and render the stored content. This decryption 
and rendering can be performed by any system 220 to which smart card 246 is in 
communication (e.g., plugged into), such as the system 220 that recorded the 
content or a system 220 at a friend's house if smart card 246 is taken to the 
friend's house. Alternatively it can be a physically different smart card, but only if 
that smart card has the same household identifier stored (securely) inside.) 
[column 14, lines 15-25]. 
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Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

8. Claims 2, 3, 7, 11 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Marsh U.S. Patent No. 7,080,039 Bl as applied to claims 1, 6 and 10 above, and further in view 
of Roskind et al US 2003/0046544 Al (hereinafter Roskind). 

As to claims 2, 3, 7, 11 and 12, Marsh discloses an access card, as discussed above. 

Marsh does not teach means for establishing that the access card is not expired. Marsh 
does not teach that the means for establishing that the access card is not expired is performed by 
comparing the current time with a timestamp in the received user certificate data. 

Roskind teaches a smart-card [0016] with a digital certificate with an expiration time 
[0017]. Once the certificate expires, the smart-card becomes useless. Roskin teaches checking 
these certificates to see if they have expired [0020]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Marsh so that the certificate would have had an 
expiration time. Once the certificate expired, the smartcard would have become useless. There 
would have been means for checking to see if the certificate had expired. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Marsh by the teaching of Roskin because the temporary 
certificates function as a surrogate for the long-term digital certificate and allows the user to 
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immediately remove it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Marsh e the smart card from a card reader and 
pocket the smart card, thus avoiding the possibility of forgetting the card in a card reader [0012]. 
Conclusion 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K. Moorthy whose telephone number is 571-272-3793. 
The examiner can normally be reached on Monday -Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Aravind K Moorthy/ 
Examiner, Art Unit 2131 
/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 2131 



